A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Link: https://threatpost.com/unique-malspam-campaign-uses-ms-publisher-to-drop-a-rat-on-banks/136656/
Tag: Hacks
Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution
The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.
AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings
Cryptocurrency angel investor Michael Terpin seeks damages for “gross negligence" by the carrier, alleging it turned a blind eye to store employees’ malicious activities.
Link: https://threatpost.com/att-faces-224m-legal-challenge-over-sim-jacking-rings/136645/
ATM Heists Only Set to Accelerate After $13M Break-In
The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.
Link: https://threatpost.com/atm-heists-only-set-to-accelerate-after-13m-break-in/136629/
‘China’s MIT’ Linked to Espionage Campaign Against Alaska, Economic Partners
The targets were scanned millions of times, and are all in some way linked to China’s ongoing economic development activities, according to Recorded Future.
Google Expands Bug Bounty Program to Battle Abuse Methods
The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.
Link: https://threatpost.com/google-expands-bug-bounty-program-to-battle-abuse-methods/136590/
Open MQTT Servers Raise Physical Threats in Smart Homes
Misconfigured DIY smart-home hubs for home automation could allow attackers to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.
Link: https://threatpost.com/open-mqtt-servers-raise-physical-threats-in-smart-homes/136586/
ThreatList: Telecom Sector Plagued with Advanced Malware
Advanced behavior malware threats are targeting telecom services – at a higher level than the global average, researchers found.
Link: https://threatpost.com/threatlist-telecom-sector-plagued-with-advanced-malware/136543/
BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?
In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.
Link: https://threatpost.com/blackiot-botnet-can-water-heaters-washers-bring-down-the-power-grid/136559/
Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files
Researchers say the “PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.
Link: https://threatpost.com/office-365-phishing-campaign-hides-malicious-urls-in-sharepoint-files/136525/